Why choose Honeypots?
Detect more intrusions
With Honeypots, attackers are fooled into focusing their attacks on resources that will enable you to analyze the intrusion: the TEHTRIS XDR Platform gives you direct access to reports and event dashboards.
Save time on detection
Any interaction with Honeypots’ fake machines and services is immediately detected. Instead of having to analyze billions of pieces of data, Honeypots gives you concise, directly usable information.
Make it difficult for attackers
With our Honeypots, hackers can’t make the slightest mistake. If they interact with the decoys positioned on your network, an alert is immediately triggered. Their internal explorations and lateral movements are made more complex.

Easy to deploy on your networks
To deceive hackers and prevent attacks, our Honeypots are positioned on your networks. They can cover all VLANs in a network zone, without manually deploying a machine in each VLAN. XDR/ Honeypots run on appliances using the TEHTRIX distribution, with full disk encryption and advanced protection mechanisms such as RBAC in the kernel and anti-0-day protection.
Fast integration
To protect your parc as quickly as possible, our Honeypots are designed to be easily integrated. With Honeypots, position fake machines and services on your networks alongside existing machines, without modifying your systems. None of your current equipment is disrupted and, in operated mode, TEHTRIS takes care of the deployment and maintenance.

Access to the TEHTRIS XDR Platform and its enhanced technology
As soon as a hacker interacts with a decoy, an alert is sent in real time to the TEHTRIS XDR Platform. Each alert gives you an additional overview of the security of your fleet: reports and event dashboards can be consulted directly on the TEHTRIS XDR Platform.
As a module of our XDR Platform, Honeypots also gives you access to all of TEHTRIS’ augmented technology:
- Create your own playbooks (in No Code Automation) with our SOAR to make your solutions interact (even with partner solutions such as Zscaler, Proofpoint…) and to hyperautomate your cybersecurity.
- CTI gives you access to instant analysis, sandboxing and hunting tools.
- Achieve unrivalled accuracy in detecting known and unknown threats thanks to the Deep Learning neural networks of Cyberia, our artificial intelligence.

MITRE ATT&CK compliance
MITRE ATT&CK is a knowledge base with a model of the behavior of a cyber attacker, reflecting the different phases of the attack life cycle according to the targeted platforms: Windows, Mac, Linux, mobile, etc.
day to deploy TEHTRIS Deceptive Response
important alerts each month
interactions monitored worldwide annually by TEHTRIS honeypots

Preserve the sovereignty and integrity of your data.
With a European hosting, TEHTRIS offers you the best guarantees of sovereignty over your data. Detect silent intrusion campaigns and regain control over all attack vectors.
FAQ
What features does TEHTRIS Deceptive Response offer?
TEHTRIS Deceptive Response covers all network layers from Level 3 to Level 7, providing the ability for attackers to interact remotely, using fake machines. We thus offer network level (IP+ICMP, TCP, UDP) and application level fake layers to simulate SSH access, Web, Windows services and so on.
How is TEHTRIS Deceptive Response deployed?
TEHTRIS Deceptive Response is very simple to deploy, by setting up each virtual appliance dedicated to your business, at the heart of your infrastructure. A simple boot of our installation ISO, and 4 basic answers later, you get your own honeypots that are installed on your network, with the knowledge that the whole service is remotely operated by TEHTRIS in SaaS mode.
What is a honeypot and why should I deploy one?
What are the interaction levels of the decoys proposed in TEHTRIS Deceptive Response?
Where should TEHTRIS Deceptive Response probes be placed?
What actions are monitored by TEHTRIS Deceptive Response?
How can we read the actions performed by intruders with TEHTRIS Deceptive Response?
What are the alerts raised by TEHTRIS Deceptive Response?
We have all TCP/IP interactions that are notified, as well as high interactions with specific decoys like SSH, Web or even Windows parts. For some interactions, TEHTRIS Deceptive Response users particularly appreciate being able to watch the hacker on video. For SSH, you can follow all typed commands step by step to understand the level, motivations, goals, and tools used. This gives us a rather original and unique way to track hackers.
How does the inventory service work?
As TEHTRIS Deceptive Response is deployed on a sensitive area, we listen to the available local flows, beyond the Unicast flows that we receive, and we build a vision of the neighboring machines in CMDB mode. This is not the main function of TEHTRIS Deceptive Response, but it is very useful for us to know where a laptop was connected for the first time, in which factory, on which VLAN, and above all for what purpose.
* © 2020 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.
** Gartner and Market Guide are registered trademarks of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.
Gartner Market Guide for Extended Detection and Response, Craig Lawson, Peter Firstbrook, Paul Webber, 8 November 2021
TEHTRIS recognized as a Representative Vendor in the 2021 Market Guide for Extended Detection and Response.
Craig Lawson, Peter Firstbrook, Paul Webber, 8 November 2021
Gartner Innovation Insight for Unified Endpoint Security, Rob Smith, Dionisio Zumerle, 12th November 2020,
Gartner Market Guide for Mobile Threat Defense, Dionisio Zumerle, Rob Smith, 29th March 2021,
Gartner Peer Insights reviews constitute the subjective opinions of individual end users based on their own experiences and do not represent the views of Gartner or its affiliates.